Mailing List Archive

Covert Channels In IPv6
Hi folks,

I´ve recently started off a research on IPv6 covert channels.

It would be nice if anyone of you could give me whatever kind of infomation
regarding covert Channels in IPv6.

Greetings and thanks in advance.

Rafa S.
Re: Covert Channels In IPv6 [ In reply to ]
On Wed, 15 Jun 2011, Rafa Sanchez wrote:

> I´ve recently started off a research on IPv6 covert channels.
>
> It would be nice if anyone of you could give me whatever kind of infomation
> regarding covert Channels in IPv6.

<http://lmgtfy.com/?q=ipv6+covert+channels>

If you spend a few hours to sift through that information and write a
summary here, we'll see if someone is interested in spending time adding
to it.

--
Mikael Abrahamsson email: swmike@swm.pp.se
Re: Covert Channels In IPv6 [ In reply to ]
There is a lot of good information out there on covert channels for IPv6.
The IPv6 header provides all kinds of ways to send data in them.
Searching shows lots of good information. ISC SANS has a course on IPv6
that touches on covert channels as well. The best video I've seen for
just generaly IPv6 security is from Marc Heuse. He touches on covert
channels a bit as well.

http://www.youtube.com/watch?v=c7hq2q4jQYw

On Wed, 15 Jun 2011, Rafa Sanchez wrote:

> Hi folks,
>
> I´ve recently started off a research on IPv6 covert channels.
>
> It would be nice if anyone of you could give me whatever kind of infomation
> regarding covert Channels in IPv6.
>
> Greetings and thanks in advance.
>
> Rafa S.
>

--
Greg T. Grimes
Senior Network Analyst
Information Technology Services
Mississippi State University
greg.grimes@msstate.edu
Re: Covert Channels In IPv6 [ In reply to ]
Hi Rafa,

this is kinda a hopeless thing. I did a quick look at this a year ago -
everything there can be misused as a covert channel.
I even implemented a tool where you can just put data into destination
extension headers with unused options (the type which are ignored if
unknown) - and it bypasses all firewalls (fw-1, cisco asa, netscreen).
its called covert_send6 and can by found in my thc-ipv6 package at
www.thc.org/thc-ipv6

but covert channels in ipv6 are a not so important security topic. a
simple proxy will already secure you from that, and a security
infrastructure which does not have a dmz based on secure application
gateways has a weak security design anyway.
covert channels in uper level protocols that survive security gateways -
thats the important stuff. (and still easy to do)

Greets,
Marc

Am 15.06.2011 14:36, schrieb Rafa Sanchez:
> Hi folks,
>
> I´ve recently started off a research on IPv6 covert channels.
>
> It would be nice if anyone of you could give me whatever kind of
> infomation regarding covert Channels in IPv6.
>
> Greetings and thanks in advance.
>
> Rafa S.

--
--
Marc Heuse
Mobil: +49 177 9611560
Fax: +49 30 37309726
www.mh-sec.de

Marc Heuse - IT-Security Consulting
Winsstr. 68
10405 Berlin

Ust.-Ident.-Nr.: DE244222388
PGP: FEDD 5B50 C087 F8DF 5CB9 876F 7FDD E533 BF4F 891A
Re: Covert Channels In IPv6 [ In reply to ]
On 15 jun 2011, at 14:36, Rafa Sanchez wrote:

> It would be nice if anyone of you could give me whatever kind of infomation regarding covert Channels in IPv6.

I'm sending you the requested information encoded in the flow label. Please respond using the ToS byte.